CSS-6973 Create juju jaas snap #1149
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kian99
requested review from
alesstimec,
ale8k,
babakks and
mina1460
as code owners
Move service account cli package to jaas
kian99
force-pushed
the
CSS-6973-create-juju-jaas-snap
branch
from
c04414f to
7e4dfc3
Compare
alesstimec
reviewed
Feb 2, 2024
|
I've asked in the other PR just now whether it should be generic or not. |
ale8k
reviewed
Feb 2, 2024
| description: Juju plugin for providing JAAS functionality to the Juju CLI. | ||
| version: git | ||
| grade: stable | ||
| base: bare |
ale8k
reviewed
Feb 2, 2024
| version: git | ||
| grade: stable | ||
| base: bare | ||
| build-base: core20 |
There was a problem hiding this comment.
The Juju snap is on core20 and my machine cannot (for some strange reason) build core22 snaps. But more the former reason, though we don't need to be on the same core anyway.
ale8k
approved these changes
Feb 2, 2024
babakks
approved these changes
Feb 2, 2024
| set -e | ||
| CGO_ENABLED=0 go build -o juju-jaas github.com/canonical/jimm/cmd/jaas | ||
| mkdir -p $GOBIN | ||
| cp ./juju-jaas $GOBIN/juju-jaas |
There was a problem hiding this comment.
I'm not sure $SNAP/bin is the right location. Our other snapcraft.yaml does go install which installs the file to $GOBIN but that does not let you rename the binary, so I instead do it like this.
SimonRichardson
pushed a commit
to SimonRichardson/juju
that referenced
this pull request
Mar 27, 2024
juju#16956 Recreates PR juju#16884 This PR introduces a plug into Juju CLI's Snap, allowing it to be connected to a JAAS snap that will be used to extend the Juju CLI with functionality for JAAS. This PR follows from a similar [PR in JAAS](canonical/jimm#1149) where we introduce the new Snap. The below is copied from that PR. >The mechanism by which it does this (extending the Juju CLI's functionality) is [Juju Plugins](https://juju.is/docs/juju/plugins) and Snapcraft's [content-interface](https://snapcraft.io/docs/content-interface). The juju-jaas snap shares a binary of the same name to a directory within the Juju Snap that is readable by the CLI. Because the name of the binary is juju-* the binary can be invoked via `juju jaas <command>`. It is still TBD whether it is okay to namespace the JAAS commands to `juju jaas` or whether all the JAAS commands should be surfaced as top-level commands under the Juju CLI. Regardless, the specifics for how JAAS commands are invoked can be easily changed after this by introducing symlinks/bash scripts into the JAAS Snap's `$SNAP/bin` directory of the form juju-<command> e.g. `juju-add-service-account`. ## Checklist <!-- If an item is not applicable, use `~strikethrough~`. --> ~- [ ] Code style: imports ordered, good names, simple structure, etc~ ~- [ ] Comments saying why design decisions were made~ ~- [ ] Go unit tests, with comments saying what you're testing~ ~- [ ] [Integration tests](https://github.com/juju/juju/tree/main/tests), with comments saying what you're testing~ ~- [ ] [doc.go](https://discourse.charmhub.io/t/readme-in-packages/451) added or updated in changed packages~ ## QA steps Run the following commands to build the Juju snap, install the JAAS snap and test the integration. - `snapcraft` - `sudo snap install --dangerous --devmode ./<juju-snap-file>` - `sudo snap install jaas --channel=latest/candidate` - `sudo snap connect juju:jaas-plugin jaas` - `juju add-service-account --help` **Verifying that the new plug will not impede snap uploads:** After building the snap one can run `review-tools.snap-review` against it locally. The output is as follows: ``` $ review-tools.snap-review ./juju_3.4-rc2_amd64.snap Errors ------ - declaration-snap-v2:plugs_installation:config-lxd:personal-files human review required due to 'allow-installation' constraint (bool) - declaration-snap-v2:plugs_installation:dot-aws:personal-files human review required due to 'allow-installation' constraint (bool) - declaration-snap-v2:plugs_installation:dot-azure:personal-files human review required due to 'allow-installation' constraint (bool) - declaration-snap-v2:plugs_installation:dot-google:personal-files human review required due to 'allow-installation' constraint (bool) - declaration-snap-v2:plugs_installation:dot-kubernetes:personal-files human review required due to 'allow-installation' constraint (bool) - declaration-snap-v2:plugs_installation:dot-local-share-juju:personal-files human review required due to 'allow-installation' constraint (bool) - declaration-snap-v2:plugs_installation:dot-maas:personal-files human review required due to 'allow-installation' constraint (bool) - declaration-snap-v2:plugs_installation:dot-openstack:personal-files human review required due to 'allow-installation' constraint (bool) - declaration-snap-v2:plugs_installation:dot-oracle:personal-files human review required due to 'allow-installation' constraint (bool) ``` One can see that the new plug is not listed and should not require human review - cc @wallyworld on the hesitation raised in the previous PR.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR introduces a new snap in JIMM's repository called
juju-jaas. This snap is intended to be a plugin into the Juju CLI that would extend it's functionality for the JAAS controller.The mechanism by which it does this is Juju Plugins and Snapcraft's content-interface. The
juju-jaassnap shares a binary of the same name to a directory within the Juju Snap that is readable by the CLI. Because the name of the binary isjuju-*the binary can be invoked viajuju jaas <command>. It is still TBD whether it is okay to namespace the JAAS commands tojuju jaasor whether all the JAAS commands should be surfaced as top-level commands under the Juju CLI. Regardless, the specifics for how our commands are invoked can be easily changed after this by introducing symlinks/bash scripts into our Snaps$SNAP/bindirectory of the formjuju-<command>e.g.juju-add-service-account.Note that
juju-jaassnap is built on the bare base to be as minimal as possible and the binary within is compiled with CGO_ENABLED=0 to ensure a statically linked binary which will avoid any issues if the build-base of our snap were to be different to the build-base of the Juju snap.Fixes CSS-6973
Engineering checklist
Check only items that apply
Test instructions
Introduced the appropriate plug into the Juju Snap (will make that PR next and update this). Then compiled both snaps and installed them with
sudo snap install --dangerous --devmode <snap-file>and then ransudo snap connect juju:jaas-plugin juju-jaasat which point thejuju-jaascommands became available, see below: